Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:micromules.com

I ran this command: certbot certonly

It produced this output:

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/micromules.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/micromules.com/privkey.pem
Your cert will expire on 2018-10-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again.

That’s a symlink to the wrong directory. The new certificate should have been – and probably was – saved in /etc/letsencrypt/archive/micromules.com/. But since the symlink is wrong, Certbot wasn’t able to update it to point to the new files.

That’s a symlink to the wrong directory. The new certificate should have been – and probably was – saved in /etc/letsencrypt/archive/micromules.com/ . But since the symlink is wrong, Certbot wasn’t able to update it to point to the new files.

There’s a known problem where if you change the targets of links in /etc/letsencrypt/live, or selectively delete files in /etc/letsencrypt, you can get repeated renewals but not have the updates seem to take effect because they’re not written to the expected place. We have README files there encouraging people not to try to reorganize those directories because of assumptions that Certbot makes about their structure. I suspect that’s the problem here, so the ls command that you asked for should help to confirm what’s going on.

I think we need to make Certbot more proactive about detecting this situation and explaining to the user that renewals are broken due to a corrupted /etc/letsencrypt structure. It should be possible for Certbot to detect many of the failure modes.

Thanks for all of you help, I’ve now found the updated certificate and altered the httpd.conf to point to it
/etc/letsencrypt/archive/micromules.com/fullchain2.pem
/etc/letsencrypt/archive/micromules.com/privkey2.pem

Here is the output of ls -alR /etc/letsencrypt/{archive,live,renewal}/ as requested earlier. Thanks